What is required for auto detection and negotiation of NAT when establishing a VPN link?

IT Questions BankCategory: CCNA SecurityWhat is required for auto detection and negotiation of NAT when establishing a VPN link?

What is required for auto detection and negotiation of NAT when establishing a VPN link?

  • Both VPN end devices must be configured for NAT.
  • No ACLs can be applied on either VPN end device.
  • Both VPN end devices must be NAT-T capable.
  • Both VPN end devices must be using IPv6.

Explanation: Establishing a VPN between two sites has been a challenge when NAT is involved at either end of the tunnel. The enhanced version of original IKE, IKE version 2, now supports NAT Traversal (NAT-T). NAT-T has the ability to encapsulate ESP packets inside UDP. During IKE version 2 Phase 1, the VPN end devices can detect whether the other device is NAT-T capable and whether either device is connecting through a NAT-enabled device in order to establish the tunnel.

Exam with this question: CCNA Security Final Exam Answers

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments